PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
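A triage helper for the advisory above, added here as an example and not part of the original record or of PostgreSQL itself: it checks a server version against the listed fixed releases and flags database or role names that contain any of the four named characters. The function names and the sample names are constructed for illustration.

```python
import re

# First fixed release on each affected branch, taken from the advisory text.
FIXED = {(9, 1): 23, (9, 2): 18, (9, 3): 14, (9, 4): 9, (9, 5): 4}

# The four characters the advisory names.
RISKY = {'"': "double quote", "\\": "backslash",
         "\r": "carriage return", "\n": "newline"}


def is_affected(version: str) -> bool:
    """True if a server version string falls in the advisory's affected ranges."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # "before 9.1.23" also covers every branch older than 9.1; branches
    # newer than 9.5 are not listed by the advisory.
    return branch < (9, 1)


def risky_names(names):
    """Return {name: [character labels]} for names containing a listed character."""
    found = {}
    for name in names:
        hits = [label for ch, label in RISKY.items() if ch in name]
        if hits:
            found[name] = hits
    return found


if __name__ == "__main__":
    # Constructed sample: names as they might be returned by
    # SELECT datname FROM pg_database and SELECT rolname FROM pg_roles.
    sample = ["postgres", "app_prod", 'report"2016', "etl\nnightly", "dom\\svc"]
    print("9.4.8 affected:", is_affected("9.4.8"))
    for name, hits in risky_names(sample).items():
        print(repr(name), "->", ", ".join(hits))
```

On an affected server, any flagged name is worth reviewing together with which CREATEDB or CREATEROLE holder created it, before the next administrative operation touches it.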
rhn.redhat.com/errata/RHSA-2016-1781.html
rhn.redhat.com/errata/RHSA-2016-1820.html
rhn.redhat.com/errata/RHSA-2016-1821.html
rhn.redhat.com/errata/RHSA-2016-2606.html
www.debian.org/security/2016/dsa-3646
www.securityfocus.com/bid/92435
www.securitytracker.com/id/1036617
access.redhat.com/errata/RHSA-2017:2425
security.gentoo.org/glsa/201701-33
www.postgresql.org/about/news/1688/
www.postgresql.org/docs/current/static/release-9-1-23.html
www.postgresql.org/docs/current/static/release-9-2-18.html
www.postgresql.org/docs/current/static/release-9-3-14.html
www.postgresql.org/docs/current/static/release-9-4-9.html
www.postgresql.org/docs/current/static/release-9-5-4.html